package org.keycloak.adapters.undertow;

import io.undertow.security.api.AuthenticationMechanism;
import io.undertow.security.api.NotificationReceiver;
import io.undertow.security.api.SecurityContext;
import io.undertow.security.api.SecurityNotification;
import io.undertow.server.HttpServerExchange;
import io.undertow.servlet.api.ConfidentialPortManager;
import io.undertow.servlet.handlers.ServletRequestContext;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import org.jboss.logging.Logger;
import org.keycloak.KeycloakSecurityContext;
import org.keycloak.adapters.AdapterDeploymentContext;
import org.keycloak.adapters.KeycloakDeployment;
import org.keycloak.adapters.RequestAuthenticator;

/* loaded from: input_file:WEB-INF/lib/keycloak-undertow-adapter-1.0.4.Final.jar:org/keycloak/adapters/undertow/ServletKeycloakAuthMech.class */
public class ServletKeycloakAuthMech extends UndertowKeycloakAuthMech {
    private static final Logger log = Logger.getLogger(ServletKeycloakAuthMech.class);
    protected UndertowUserSessionManagement userSessionManagement;
    protected ConfidentialPortManager portManager;

    public ServletKeycloakAuthMech(AdapterDeploymentContext adapterDeploymentContext, UndertowUserSessionManagement undertowUserSessionManagement, ConfidentialPortManager confidentialPortManager) {
        super(adapterDeploymentContext);
        this.userSessionManagement = undertowUserSessionManagement;
        this.portManager = confidentialPortManager;
    }

    public AuthenticationMechanism.AuthenticationMechanismOutcome authenticate(HttpServerExchange httpServerExchange, SecurityContext securityContext) {
        UndertowHttpFacade undertowHttpFacade = new UndertowHttpFacade(httpServerExchange);
        KeycloakDeployment resolveDeployment = this.deploymentContext.resolveDeployment(undertowHttpFacade);
        return !resolveDeployment.isConfigured() ? AuthenticationMechanism.AuthenticationMechanismOutcome.NOT_ATTEMPTED : keycloakAuthenticate(httpServerExchange, securityContext, createRequestAuthenticator(resolveDeployment, httpServerExchange, securityContext, undertowHttpFacade));
    }

    @Override // org.keycloak.adapters.undertow.UndertowKeycloakAuthMech
    protected void registerNotifications(SecurityContext securityContext) {
        securityContext.registerNotificationReceiver(new NotificationReceiver() { // from class: org.keycloak.adapters.undertow.ServletKeycloakAuthMech.1
            public void handleNotification(SecurityNotification securityNotification) {
                KeycloakUndertowAccount keycloakUndertowAccount;
                if (securityNotification.getEventType() != SecurityNotification.EventType.LOGGED_OUT) {
                    return;
                }
                HttpServletRequest servletRequest = ((ServletRequestContext) securityNotification.getExchange().getAttachment(ServletRequestContext.ATTACHMENT_KEY)).getServletRequest();
                servletRequest.removeAttribute(KeycloakUndertowAccount.class.getName());
                servletRequest.removeAttribute(KeycloakSecurityContext.class.getName());
                HttpSession session = servletRequest.getSession(false);
                if (session == null || (keycloakUndertowAccount = (KeycloakUndertowAccount) session.getAttribute(KeycloakUndertowAccount.class.getName())) == null) {
                    return;
                }
                session.removeAttribute(KeycloakSecurityContext.class.getName());
                session.removeAttribute(KeycloakUndertowAccount.class.getName());
                if (keycloakUndertowAccount.getKeycloakSecurityContext() != null) {
                    keycloakUndertowAccount.getKeycloakSecurityContext().logout(ServletKeycloakAuthMech.this.deploymentContext.resolveDeployment(new UndertowHttpFacade(securityNotification.getExchange())));
                }
            }
        });
    }

    protected RequestAuthenticator createRequestAuthenticator(KeycloakDeployment keycloakDeployment, HttpServerExchange httpServerExchange, SecurityContext securityContext, UndertowHttpFacade undertowHttpFacade) {
        return new ServletRequestAuthenticator(undertowHttpFacade, keycloakDeployment, getConfidentilPort(httpServerExchange), securityContext, httpServerExchange, this.userSessionManagement);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public int getConfidentilPort(HttpServerExchange httpServerExchange) {
        int i = 8443;
        if (httpServerExchange.getRequestScheme().equalsIgnoreCase("HTTPS")) {
            i = httpServerExchange.getHostPort();
        } else if (this.portManager != null) {
            i = this.portManager.getConfidentialPort(httpServerExchange);
        }
        return i;
    }
}
